Fascinating and supports my suspicion that all blackberry is doing is
“controlling the entire channel” and there is nothing special here. I can
defeat the Saudi’s just as easily with an iPhone and a SSL certificate formy mail server.

Windows Mobile phones, android phones, and iPhones can use ActiveSyncprotocol, which uses 128bit or 256bit AES encryption from device to servervia SSL (over port 80). The different devices vary on their support for
256bit AES (some purposely don’t because it make things slower).

In other words depending on the devices chosen you can achieve an EQUAL
level of security with a non-blackberry phone. And as an extra positive
you have the keys, not blackberry.

It looks like the iPhone 4 is using 256bit AES, but that’s really
irrelevant, even governments cannot crack 128bit AES over SSL. Without
some sort of exploit it would still take every computer on the planet a
long time working together. NIST still stands behind the AES algorithm.

–Mike

Cos’è AES ?:

AES is based on a design principle known as a substitution-permutation network, combination of both substitution and permutation, and is fast in both software and hardware.[10] Unlike its predecessor DES, AES does not use a Feistel network. AES is a variant of Rijndael which has a fixed block size of 128 bits, and a key size of 128, 192, or 256 bits. By contrast, the Rijndael specification per se is specified with block and key sizes that may be any multiple of 32 bits, both with a minimum of 128 and a maximum of 256 bits.

AES operates on a 4×4 column-major order matrix of bytes, termed the state, although some versions of Rijndael have a larger block size and have additional columns in the state. Most AES calculations are done in a special finite field.

The key size used for an AES cipher specifies the number of repetitions of transformation rounds that convert the input, called the plaintext, into the final output, called the ciphertext. The number of cycles of repetition are as follows:

10 cycles of repetition for 128-bit keys.

12 cycles of repetition for 192-bit keys.

14 cycles of repetition for 256-bit keys.

Each round consists of several processing steps, each containing four similar but different stages, including one that depends on the encryption key itself. A set of reverse rounds are applied to transform ciphertext back into the original plaintext using the same encryption key.

Just two days before Apple has disclosed a critical Security flaw in the SSL implementationon the iOS software that would allow man-in-the-middle attacks to intercept the SSL data by spoofing SSL servers.

Dubbed as CVE-2014-1266, the so-called ‘goto fail;’ vulnerability in which the secure transport failed to validate the authenticity of the connection has left millions of Apple users vulnerable to Hackers and Spy Agencies, especially like theNSA.